fec0cb9704a12874b7d0dec9b1081acf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fec0cb9704a12874b7d0dec9b1081acf_JaffaCakes118
Size

143KB
MD5

fec0cb9704a12874b7d0dec9b1081acf
SHA1

ac1d685ec15fd5b5f75dd02ae7a8ae6c1e2600df
SHA256

b5ee9b348fb1d7969bd756c5c61f9e38bf88e61d0d1e9c6a8e7277eac556bddf
SHA512

b3fc6c9ac12327401f351920b9ab3a2deb4d94cec47957b24b1f4df3410e75cfe8caf51192d66b2b1884445c31787bfb86aee6423c951a5fd1afb4fd0c868cf9
SSDEEP

3072:WmhupnoeEvCkdFTC+pJqHFYoGtvmaYh1tJpW7ZHNbnpacBwvt8dmrgjv3:+dEvZXTtqHFAeaYbpWtHNbnpJwlEwg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fec0cb9704a12874b7d0dec9b1081acf_JaffaCakes118

Files

fec0cb9704a12874b7d0dec9b1081acf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55409023bae2d4390d411106d34c9dfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WinExec
WriteFile
lstrcmpiA
lstrcpyA
lstrlenA

user32

CharLowerA
DispatchMessageA
EnumThreadWindows
GetMessageA
KillTimer
MessageBoxA
SetTimer
TranslateMessage
wsprintfA
wvsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55409023bae2d4390d411106d34c9dfc

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 52KB

.data Size: 64KB - Virtual size: 76KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 52KB

.data
Size: 64KB - Virtual size: 76KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB